Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/27f595-964f-4055-b92f-9ea9f5e203a0/1/WxF3Ah-HqkWD46jEdLSf15By4dQ.roa
File:                     WxF3Ah-HqkWD46jEdLSf15By4dQ.roa (raw, json)
Hash identifier:          F1Bbqnsw6e5tq9R3c7mdMkG3fp0o0nEA+3fMn0P6ii8=
Subject key identifier:   5B:11:77:02:1F:87:AA:45:83:E3:A8:C4:74:B4:9F:D7:90:72:E1:D4
Certificate issuer:       /CN=2b65275521d29caf7176ee2c398d40a1ec479c42
Certificate serial:       0194236A30E68DA7D426F3C02E38A0F41FCA
Authority key identifier: 2B:65:27:55:21:D2:9C:AF:71:76:EE:2C:39:8D:40:A1:EC:47:9C:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K2UnVSHSnK9xdu4sOY1AoexHnEI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/27f595-964f-4055-b92f-9ea9f5e203a0/1/WxF3Ah-HqkWD46jEdLSf15By4dQ.roa
Signing time:             Wed 01 Jan 2025 19:49:09 +0000
ROA not before:           Wed 01 Jan 2025 19:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        185.131.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/27f595-964f-4055-b92f-9ea9f5e203a0/1/K2UnVSHSnK9xdu4sOY1AoexHnEI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/27f595-964f-4055-b92f-9ea9f5e203a0/1/K2UnVSHSnK9xdu4sOY1AoexHnEI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K2UnVSHSnK9xdu4sOY1AoexHnEI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:30:e6:8d:a7:d4:26:f3:c0:2e:38:a0:f4:1f:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b65275521d29caf7176ee2c398d40a1ec479c42
        Validity
            Not Before: Jan  1 19:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b1177021f87aa4583e3a8c474b49fd79072e1d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:45:2c:e2:d2:8f:d7:64:73:b4:99:f6:67:84:
                    4e:5e:2d:40:13:42:9b:2f:01:d8:c8:e6:c7:b6:d0:
                    09:bf:3a:62:76:4a:37:b3:6b:f7:d4:72:0c:58:3b:
                    c5:9e:07:e6:46:60:fa:65:5b:c3:93:c9:41:bf:ea:
                    36:13:f4:43:99:2f:28:14:73:01:40:7c:3f:e9:37:
                    29:13:4d:cd:a1:e2:29:11:06:d7:9f:5f:17:90:ea:
                    9b:af:62:dd:3e:6a:48:e2:ef:ab:30:60:58:27:b3:
                    47:6b:99:69:52:eb:a0:c3:7c:0e:6f:7f:75:4e:dc:
                    a4:8a:06:5b:19:79:00:f5:c8:a8:97:72:92:f9:0f:
                    15:97:b4:86:ad:71:54:d6:3d:0f:ed:6d:f8:2f:ed:
                    b6:d2:1b:e6:a0:80:29:85:6c:fb:54:17:e3:59:6e:
                    34:d1:af:8f:d5:6c:18:99:8b:2a:00:a5:a9:3d:35:
                    90:1e:07:d2:50:31:bf:fe:01:66:e8:22:45:52:90:
                    92:e8:4d:82:61:97:1e:52:7b:a6:e2:ea:b1:41:c7:
                    d3:d1:9b:3f:17:c8:94:e8:fb:80:6b:cc:b5:02:89:
                    ef:38:a6:93:85:eb:64:77:ee:45:73:e8:a8:b9:12:
                    89:06:fb:69:5d:5c:01:ff:4a:50:48:31:55:e4:fe:
                    17:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:11:77:02:1F:87:AA:45:83:E3:A8:C4:74:B4:9F:D7:90:72:E1:D4
            X509v3 Authority Key Identifier:
                keyid:2B:65:27:55:21:D2:9C:AF:71:76:EE:2C:39:8D:40:A1:EC:47:9C:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K2UnVSHSnK9xdu4sOY1AoexHnEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/27f595-964f-4055-b92f-9ea9f5e203a0/1/WxF3Ah-HqkWD46jEdLSf15By4dQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/27f595-964f-4055-b92f-9ea9f5e203a0/1/K2UnVSHSnK9xdu4sOY1AoexHnEI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.131.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:cb:8b:6d:c2:a9:67:b4:e0:37:16:c3:a9:d4:a9:3d:fc:11:
         29:5f:9f:2b:11:04:d8:de:b6:01:a7:fe:c1:d5:9c:81:fb:a6:
         27:4b:32:e6:35:c3:71:0e:1c:8d:9d:39:93:39:5e:ee:e3:20:
         3e:f7:8f:20:8c:9c:a4:83:c4:e9:13:d9:b5:a4:91:0b:c4:98:
         b6:db:98:39:27:e5:b7:28:c1:3d:8b:90:23:7f:6d:cf:1d:40:
         f1:39:c1:6e:f8:62:a6:d2:e0:19:2a:46:54:c2:a2:d7:70:e4:
         f0:c2:32:78:1d:4b:d9:a6:06:89:75:d2:0e:83:0f:b4:0a:c3:
         3f:a3:1d:ab:e4:c6:2a:98:16:b6:44:51:57:5f:24:eb:ed:55:
         c4:d6:04:77:2e:8f:3b:6f:6e:e9:77:d7:2f:b2:4b:41:e1:7e:
         ef:42:43:b6:cb:07:58:8f:59:6b:3c:4d:cd:71:f2:08:1d:98:
         ba:67:1d:15:e6:4d:c9:66:cd:9e:64:3f:f5:b9:00:27:99:cb:
         fb:67:f5:12:e9:f9:0c:af:c9:32:73:c8:14:ef:d5:98:da:8d:
         bb:1d:e5:34:c2:4c:71:ac:81:0f:a2:60:95:6a:b0:b6:d1:59:
         06:86:f8:9f:e7:65:ea:7a:3a:ce:36:df:c9:90:6a:76:19:b9:
         54:1c:62:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjajDmjafUJvPALjig9B/KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNjUyNzU1MjFkMjljYWY3MTc2ZWUyYzM5OGQ0MGExZWM0
NzljNDIwHhcNMjUwMTAxMTk0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjExNzcwMjFmODdhYTQ1ODNlM2E4YzQ3NGI0OWZkNzkwNzJlMWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA10Us4tKP12RztJn2Z4ROXi1AE0Kb
LwHYyObHttAJvzpidko3s2v31HIMWDvFngfmRmD6ZVvDk8lBv+o2E/RDmS8oFHMB
QHw/6TcpE03NoeIpEQbXn18XkOqbr2LdPmpI4u+rMGBYJ7NHa5lpUuugw3wOb391
TtykigZbGXkA9ciol3KS+Q8Vl7SGrXFU1j0P7W34L+220hvmoIAphWz7VBfjWW40
0a+P1WwYmYsqAKWpPTWQHgfSUDG//gFm6CJFUpCS6E2CYZceUnum4uqxQcfT0Zs/
F8iU6PuAa8y1AonvOKaThetkd+5Fc+iouRKJBvtpXVwB/0pQSDFV5P4XkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFsRdwIfh6pFg+OoxHS0n9eQcuHUMB8GA1UdIwQY
MBaAFCtlJ1Uh0pyvcXbuLDmNQKHsR5xCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzJVblZTSFNuSzl4ZHU0c09ZMUFvZXhIbkVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS8yN2Y1OTUtOTY0Zi00MDU1LWI5MmYt
OWVhOWY1ZTIwM2EwLzEvV3hGM0FoLUhxa1dENDZqRWRMU2YxNUJ5NGRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS8yN2Y1OTUtOTY0Zi00MDU1LWI5MmYtOWVhOWY1ZTIwM2Ew
LzEvSzJVblZTSFNuSzl4ZHU0c09ZMUFvZXhIbkVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYMsMA0G
CSqGSIb3DQEBCwUAA4IBAQANy4ttwqlntOA3FsOp1Kk9/BEpX58rEQTY3rYBp/7B
1ZyB+6YnSzLmNcNxDhyNnTmTOV7u4yA+948gjJykg8TpE9m1pJELxJi225g5J+W3
KME9i5Ajf23PHUDxOcFu+GKm0uAZKkZUwqLXcOTwwjJ4HUvZpgaJddIOgw+0CsM/
ox2r5MYqmBa2RFFXXyTr7VXE1gR3Lo87b27pd9cvsktB4X7vQkO2ywdYj1lrPE3N
cfIIHZi6Zx0V5k3JZs2eZD/1uQAnmcv7Z/US6fkMr8kyc8gU79WY2o27HeU0wkxx
rIEPomCVarC20VkGhvif52XqejrONt/JkGp2GblUHGKJ
-----END CERTIFICATE-----